1 /* Copyright (c) 2006-2009, Stig Venaas, UNINETT AS.
2 * Copyright (c) 2010, UNINETT AS, NORDUnet A/S.
3 * Copyright (c) 2010-2012, NORDUnet A/S. */
4 /* See LICENSE for licensing information. */
6 #include "radsecproxy.h"
9 #include "fticks_hashmac.h"
12 fticks_configure(struct options *options,
18 const char *reporting = (const char *) *reportingp;
19 const char *mac = (const char *) *macp;
22 options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;
23 options->fticks_mac = RSP_FTICKS_MAC_VENDOR_KEY_HASHED;
25 if (reporting != NULL) {
26 if (strcasecmp(reporting, "None") == 0)
27 options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;
28 else if (strcasecmp(reporting, "Basic") == 0)
29 options->fticks_reporting = RSP_FTICKS_REPORTING_BASIC;
30 else if (strcasecmp(reporting, "Full") == 0)
31 options->fticks_reporting = RSP_FTICKS_REPORTING_FULL;
34 "config error: invalid FTicksReporting value: %s",
41 if (strcasecmp(mac, "Static") == 0)
42 options->fticks_mac = RSP_FTICKS_MAC_STATIC;
43 else if (strcasecmp(mac, "Original") == 0)
44 options->fticks_mac = RSP_FTICKS_MAC_ORIGINAL;
45 else if (strcasecmp(mac, "VendorHashed") == 0)
46 options->fticks_mac = RSP_FTICKS_MAC_VENDOR_HASHED;
47 else if (strcasecmp(mac, "VendorKeyHashed") == 0)
48 options->fticks_mac = RSP_FTICKS_MAC_VENDOR_KEY_HASHED;
49 else if (strcasecmp(mac, "FullyHashed") == 0)
50 options->fticks_mac = RSP_FTICKS_MAC_FULLY_HASHED;
51 else if (strcasecmp(mac, "FullyKeyHashed") == 0)
52 options->fticks_mac = RSP_FTICKS_MAC_FULLY_KEY_HASHED;
55 "config error: invalid FTicksMAC value: %s", mac);
61 options->fticks_key = *keyp;
62 if (options->fticks_mac != RSP_FTICKS_MAC_VENDOR_KEY_HASHED
63 && options->fticks_mac != RSP_FTICKS_MAC_FULLY_KEY_HASHED)
64 debugx(1, DBG_WARN, "config warning: FTicksKey not used");
66 else if (options->fticks_reporting != RSP_FTICKS_REPORTING_NONE
67 && (options->fticks_mac == RSP_FTICKS_MAC_VENDOR_KEY_HASHED
68 || options->fticks_mac == RSP_FTICKS_MAC_FULLY_KEY_HASHED)) {
70 "config error: FTicksMAC values VendorKeyHashed and "
71 "FullyKeyHashed require an FTicksKey");
72 options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;
76 if (*reportingp != NULL) {
88 fticks_log(const struct options *options,
89 const struct client *client,
90 const struct radmsg *msg,
91 const struct rqout *rqout)
93 uint8_t *username = NULL;
94 uint8_t *realm = NULL;
95 uint8_t visinst[8+40+1+1]; /* Room for 40 octets of VISINST. */
96 uint8_t *macin = NULL;
97 uint8_t macout[2*32+1]; /* Room for ASCII representation of SHA256. */
99 username = radattr2ascii(radmsg_gettype(rqout->rq->msg,
100 RAD_Attr_User_Name));
101 if (username != NULL) {
102 realm = (uint8_t *) strrchr((char *) username, '@');
107 realm = (uint8_t *) "";
109 memset(visinst, 0, sizeof(visinst));
110 if (options->fticks_reporting == RSP_FTICKS_REPORTING_FULL) {
111 if (client->conf->fticks_visinst != NULL ) {
112 snprintf((char *) visinst, sizeof(visinst), "VISINST=%s#",
113 client->conf->fticks_visinst);
115 snprintf((char *) visinst, sizeof(visinst), "VISINST=%s#",
120 memset(macout, 0, sizeof(macout));
121 if (options->fticks_mac == RSP_FTICKS_MAC_STATIC) {
122 strncpy((char *) macout, "undisclosed", sizeof(macout) - 1);
125 macin = radattr2ascii(radmsg_gettype(rqout->rq->msg,
126 RAD_Attr_Calling_Station_Id));
128 switch (options->fticks_mac)
130 case RSP_FTICKS_MAC_ORIGINAL:
131 memcpy(macout, macin, sizeof(macout));
133 case RSP_FTICKS_MAC_VENDOR_HASHED:
134 memcpy(macout, macin, 9);
135 fticks_hashmac(macin, NULL, sizeof(macout) - 9, macout + 9);
137 case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
138 memcpy(macout, macin, 9);
139 /* We are hashing the first nine octets too for easier
140 * correlation between vendor-key-hashed and
141 * fully-key-hashed log records. This opens up for a
142 * known plaintext attack on the key but the
143 * consequences of that is considered outweighed by
144 * the convenience gained. */
145 fticks_hashmac(macin, options->fticks_key,
146 sizeof(macout) - 9, macout + 9);
148 case RSP_FTICKS_MAC_FULLY_HASHED:
149 fticks_hashmac(macin, NULL, sizeof(macout), macout);
151 case RSP_FTICKS_MAC_FULLY_KEY_HASHED:
152 fticks_hashmac(macin, options->fticks_key, sizeof(macout),
156 debugx(2, DBG_ERR, "invalid fticks mac configuration: %d",
157 options->fticks_mac);
162 "F-TICKS/eduroam/1.0#REALM=%s#VISCOUNTRY=%s#%sCSI=%s#RESULT=%s#",
164 client->conf->fticks_viscountry,
167 msg->code == RAD_Access_Accept ? "OK" : "FAIL");
170 if (username != NULL)
174 /* Local Variables: */
175 /* c-file-style: "stroustrup" */